Franchises such as Cerber are making highly profitable ransomware available to a broader range of cyber criminals, according to a report by security firm Check Point.

The Cerber ransomware service infected 150,000 devices and extracted $195,000 in ransom payments in July 2016, according to security company Check Point.

The Cerber operation is a franchise that supplies ransomware as a service and is believed to be based in Russia. Check Point said there were 160 Cerber campaigns running in 201 countries, excluding the 12 former Soviet Union countries.

Cerber is the world’s biggest ransomware as a service scheme, according to Check Point researchers, who compiled a report on its operations.

The ransomware developer appears to recruit affiliates that spread the malware in return for a 60% cut of the profits and an additional 5% for recruiting a new member. Researchers estimate that the malware authors are making an annual profit of $946,000.

The Cerber operation uses a “maze” of thousands of bitcoin accounts, they said, that allow its franchisees to launder the ransom money they receive.

Cerber is set up to enable non-technical criminals to take part in the highly profitable business and run independent campaigns using a set of command and control servers and an easy-to-use control interface available in 12 languages.

This means that the highly profitable business of ransomware is no longer reserved for skilled attackers who can write sophisticated encryption schemes and establish a steady infrastructure.

With Cerber, unskilled actors without the required technical knowledge can easily connect with developers in various closed forums. For a small payment, the would-be attackers obtain an undetected ransomware variant. Then, they can easily manage their active campaigns through a basic web interface, the research report said.

Bitcoin blurring

Cerber uses bitcoins to evade tracing, and creates a unique bitcoin wallet for each of its victims.

Like all ransomware, Cerber encrypts victims’ data and demands payment of 1 bitcoin ($569) in return for a decryption key to unlock the data.

Victims in Australia, Canada, the UK, the US, Germany, France, Italy and India are most likely to pay the ransom, the report said.

The ransom is transferred to the malware developer and affiliates and passed through thousands of bitcoin wallets, the researchers said, making it almost impossible to trace individual payments.

Not reserved for nation states

“This research provides a rare look at the nature and global targets of the growing ransomware as a service industry,” said Maya Horowitz, group manager for research and development at Check Point.

“Cyber-attacks are no longer the sole essence of nation-state actors and of those with the technical ability to author their own tools; nowadays, they are offered to anyone and can be operated fairly easily.

“As a result, this industry is growing extensively, and we should all take the proper precautions and deploy relevant protections.”

1 comment

Crooks will always try to find ever-better ways to steal. Okay, got it. But what are the good guys - you know, you and me and our friends in IT - doing to stop it....? Much of the problem comes from people who do very foolish things online. Okay, got that, too. Now what are the white hats doing to save people from their own worst impulses...? We really do have to solve this problem before it overtakes us....